package com.dongway.core.utils;

import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.subject.Subject;

import com.dongway.core.dto.IUserDTO;

public final class SecurityUtils {

    /**
     * 获取当前操作数据
     * 
     * @return
     */
    public static IUserDTO currentUser() {
        try {
            Subject subject = org.apache.shiro.SecurityUtils.getSubject();
            Object obj = subject == null ? null : subject.getPrincipal();
            return obj instanceof IUserDTO ? (IUserDTO) obj : null;
        } catch (Exception e) {
            return null;
        }
    }


    /**
     * 当前登陆用户是否有权限访问指定的URL
     * 
     * @param url
     * @return
     */
    public static boolean hasAuthorize(String url) {
        if (StringUtils.isBlank(url)) {
            return true;
        }
        IUserDTO oper = currentUser();
        if (null == oper) {
            return false;
        }
        if (!url.startsWith("/")) {
            url = "/" + url;
        }
        if (url.indexOf("?") != -1) {
            url = url.substring(0, url.indexOf("?"));
        }
        /*
         * //指定的URL无权限控制 Set<String> set = SecurityContext.instance().get(url); if
         * (CollectionUtils.isEmpty(set)) { return true; } //判断是否授权 Collection<? extends
         * GrantedAuthority> authorities = oper.getAuthorities(); for (GrantedAuthority authority :
         * authorities) { if (set.contains(authority.getAuthority())) { return true; } }
         */
        return false;
    }


    public static boolean hasAnyAuthorize(String string) {

        return false;
    }
}
